A Wii bit of hackery, maybe; a real “jailbreak” still eludes

Headlines tell us that the Wii has been gloriously hacked, but plenty of …

In the video, a man stands on stage at the 24th Chaos Communication Congress before a screen showing a projected image of Lego Star Wars on the Nintendo Wii. He seems nervous. "Some day we'll have a nice Linux bootable DVD," he tells the crowd as he awkwardly moves around the menus. Then the screen goes black, and a small bit of code—really just a moving cursor with coordinates—comes up on screen. "We can show you we do have code running; this is running in Wii mode, not GameCube mode," the man says. "We do have access to all the hardware." The crowd begins to applaud. It's an initially unimpressive display, but if you know what you're looking at, it's a lightning bolt. Soon after the video went up, the word went out: the Wii has been hacked.

This wasn't as easy as it looks in the clip, and in fact no one was sure if the demo would show anything at all. "We had a few different ideas for things to do, but nothing really seemed to work," the unnamed presenter told Tehskeen. "I have so many DVDs that I burned that booted half-way and then froze—but at the last minute (maybe 30 mins before the presentation), I managed to get one that I could reproduce reliably (at least for a demo)."

Everyone already has access to the GameCube-compatible parts of the Wii; this is what all the existing mod chips and back-up solutions now use, but that's boring. The GameCube has been hacked for ages. What the new team achieved was something new: homebrew that uses the Wii hardware, including the Wiimote, the faster-clocked processor, and extended memory.

To do this, the team had to get past a special part of the ATI-developed GPU called Hollywood that authenticates Wii games. When you stick a GameCube game into the system, a small ARM core embedded on the Hollywood GPU chip shuts off all Wii-specific functions. This gives you a working GameCube, but not much else. When you put in a Wii game, the authentication scheme kicks in and, if it believes it's running signed code, unlocks the full CPU and expanded memory along with all the fun Wii hardware.

This is the chip that has been standing in everyone's way, and the successful hackers aren't ready to explain exactly how they got past it yet. By performing "a few little maneuverings" they were able to dump all the hidden memory and dig through it to find the encryption keys. After that they were able to cobble together the tiny bit of code shown in the YouTube video. The first step has now been taken: Hollywood has been bypassed.

"The solution we found is still not very clean—we intend to release a good solution, but it's going to take some time to do it right," the presenter continues. "I mostly wanted to show a proof of concept, that it could be done, and hopefully give people some ideas that they could pursue on their own."

In other words, this is all there is at the moment. Nothing has been released to the community at large, and the possibility remains that this is a hoax, but this appears to be a powerful first step toward homebrew games that use the Wiimote as well as online functions; it could even lead to support for other Bluetooth controllers.

If the group behind this hack is able to release code into the wild that makes bypassing the Hollywood GPU easy for others, the Wii may become a paradise for amateur coders and game developers. There are already intriguing things being done by using the Wiimote hardware with code running on PCs, but this would open the door to new games and user interface ideas that can run directly from the Wii.

For some reason, the team doesn't plan to release the secrets soon. "Unfortunately, we're going to have to wait for a more viable solution," the presenter says after being asked whether or not the code used in the demonstration will be made public. The team's refusal to release the exploit code and/or recovered keys does raise some suspicion about the reality of the hack, suspicion that could be put to rest by releasing the relevant code and keys to the mod community to look at. But if the Wii has indeed been hacked, and if the developers can find a way to make the exploit easier, then the floodgates will soon open. As far as we are aware, though, there has been no independent verification of the hack just yet.

Nota bene: "Jailbreak" was once a technical term referring to breaking out of a BSD "jail" to gain access to the filesystem and limited hardware, but lately it has come to mean breaking any consumer electronics device out of its DRMed state (especially with regard to the iPhone and iPod touch).